Articles Tagged with NCMEC

When a technology platform detects possible child sexually abusive material, federal law requires it to report the content to the National Center for Missing and Exploited Children (NCMEC). NCMEC forwards the report to law enforcement, which may then obtain a warrant to search your devices. Detection can happen without any human review of your files.

What most people do not understand about an NCMEC-referred investigation is that by the time a law enforcement agent knocks on the door or calls on the phone, the investigation has typically been underway for weeks or months. The platform detected the material, generated an automated report, NCMEC reviewed and forwarded it, and federal or state investigators identified the account holder, confirmed the address, and built a probable cause foundation for a warrant, all before any contact with the suspect. The person receiving that knock believes they are at the beginning of a process. In reality they are near its end.

That asymmetry produces four predictable and serious mistakes. The first is believing that cooperating with investigators will result in more lenient treatment. It rarely does, and statements made during voluntary cooperation frequently become the most damaging evidence in the case. The second is believing that deleting files or destroying the device eliminates the evidence. It does not. Hash values and metadata can persist in ways that are not visible to the user, and destruction of a device after a person knows or reasonably suspects an investigation is underway carries its own serious legal consequences. The third is believing that because no contact has occurred for weeks or months, law enforcement lost interest or moved on. Investigations of this kind do not expire. The fourth is believing that a prior conversation with investigators went well and the matter is resolved. It almost certainly is not.